Tenant is an isolated workspace within the Palette Console. Users and Teams with specific Roles can be associated with the Tenant(s) you create.
Palette has adopted the security principle of least privilege. Each user is assigned Roles and Permissions to the scopes, resources, and resourceKey. The Permissions format is resourceKey.operation, where resourceKey refers to resource or the API functionality, and Operation refers to the permitted action or activitie.
To view a list of the predefined roles and permissions, go to Tenant Settings > Roles, and you will find the list of Global Roles. If you need to extend your permissions, use the Create Role option.
Below is the list of Roles and Permissions that already predefined for the Global Tenant Scope:
| Role Names | Description |
|---|
| Tenant Admin | The Tenant Administrator role allows the user to create projects and manage projects within the tenant, covered under all operations related to projects |
| Tenant Viewer | Tenant Viewer has a read only access to all the project resources |
| Tenant Project Admin | The role with complete access to an existing project |
The table enlists the role wise resourceKeys and Operations that are predefined under the Global Tenant Scope:
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
|---|
| apiKey | √ | √ | √ | √ | √ | | | | |
| audit | | | √ | √ | | | | | |
| cloudaccount | √ | √ | √ | √ | √ | | | | |
| cloudconfig | √ | √ | √ | √ | √ | | | | |
| cluster | √ | √ | √ | √ | √ | √ | | | |
| clusterProfile | √ | √ | √ | √ | √ | | √ | | |
| clusterRbac | √ | √ | √ | √ | √ | | | | |
| dnsMapping | √ | √ | √ | √ | √ | | | | |
| edgehost | √ | √ | √ | √ | √ | | | | |
| location | √ | √ | √ | √ | √ | | | | |
| machine | √ | √ | √ | √ | √ | | | | |
| macro | √ | √ | √ | √ | √ | | | | |
| packRegistry | √ | √ | √ | √ | √ | | | | |
| privateGateway | √ | √ | √ | √ | √ | | | | |
| project | √ | √ | √ | √ | √ | | | | |
| role | √ | √ | √ | √ | √ | | | | |
| sshKey | √ | √ | √ | √ | √ | | | | |
| team | √ | √ | √ | √ | √ | | | | |
| user | √ | √ | √ | √ | √ | | | | |
| workspace | √ | √ | √ | √ | √ | | | √ | √ |
| Role Names | Description |
|---|
| Tenant Cluster Profile Admin | A role which has complete access to all the Cluster Profile related operations |
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
|---|
| clusterProfile | √ | √ | √ | √ | √ | | √ | | |
| macro | √ | √ | √ | √ | √ | | | | |
| packRegistry | | | √ | √ | | | | | |
| Role Names | Description |
|---|
| Tenant Role Admin | A role which has complete access to all the Role related perations |
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
|---|
| role | √ | √ | √ | √ | √ | | | | |
| Role Names | Description |
|---|
| Tenant Team Admin | A role which has complete access to all the Team related operations |
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
|---|
| apiKey | | | √ | √ | | | | | |
| audit | | | √ | √ | | | | | |
| team | √ | √ | √ | √ | √ | | | | |
| user | | | √ | √ | | | | | |
| Role Names | Description |
|---|
| Tenant User Admin Role | A role which has complete access to all the User related operations |
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
|---|
| apiKey | √ | √ | √ | √ | √ | | | | |
| audit | | | √ | √ | | | | | |
| user | √ | √ | √ | √ | √ | | | | |